Secures Docker containers on AWS with Deep Security

Overview

TRC is a national engineering, consulting, and construction management firm that provides integrated services to the energy, environmental, and infrastructure markets. TRC implements complex, end-to-end projects for a broad range of clients in government and industry.

In late 2015, TRC added a new Pipeline Services division, and grew to 4,100 employees in 120 U.S. offices with the acquisition of Willbros Groups’ Professional Services division. While at Willbros, Jason Cradit, Senior Director of Technology at TRC, played a transformative role and drove public cloud use as a strategic priority.

Challenges

Willbros began its cloud transformation in 2011, with Amazon Web Services (AWS). Cradit joined Willbros in 2012, and his first job was to ensure that workloads on AWS were secure. To protect everything in a cloud environment, Willbros needed a visual security solution that protected all data, applications, and operating systems in the cloud. They also wanted their security provider to manage the security for them.

Cradit discovered Trend Micro™ Deep Security™ as a Service (DSaaS) in 2013, and fully deployed it for AWS workloads. After acquiring Cradit’s division at Willbros in 2015, TRC decided on Deep Security for their multi-cloud environment. “From one pane of glass, we have been able to demonstrate the value Deep Security brings to our entire environment,” said Cradit.

Fast forward to 2017, and TRC continues to expand the use of Deep Security on AWS. However, TRC faced unexpected challenges when it deployed certain applications. When they moved InSitePro™ analytics to AWS, the application required long run times which resulted in escalating costs. They wanted to reduce the application’s run times, update code rapidly, and speed deployment, using more cost-effective microservices. That meant moving to Docker containers on AWS, but TRC was concerned with how to secure the new environment.

Why Trend Micro

To build API gateways on AWS, TRC needed to be more agile and maintain a high level of security. Cradit’s team found that by using Docker containers, they could quickly build and deploy code. They could focus on microservices, and ultimately concentrate on business outcomes.

TRC wanted to use Deep Security for the containers because it would allow them to use their tools and deployment mechanism, but they also knew the container host had its own set of security practices. “Deep Security is the perfect solution for both Docker containers and AWS, providing the same high level of security we needed,” said Cradit.

Solution

Cradit’s group has implemented all the Deep Security features, including the firewall, intrusion detection and prevention systems (IDS/IPS), anti-malware, virtual patching, web reputation, log inspection, and integrity monitoring. “We always have the firewall on, and we turn on web reputation, so we are protected from advanced persistent threats,” said Cradit.

To reduce the cost of running the InSite Pro application on AWS, TRC moved the application to a Docker container. Since March 2018, TRC has used Deep Security to protect all applications they launch on a container, allowing for developers to speed deployment and update code requirements quickly. “With assistance from Trend Micro, deploying Deep Security to protect applications on containers was easy,” added Cradit. “Our procurement process has also been simplified by purchasing Deep Security via the AWS Marketplace.”

"The move to containers on AWS has reduced our costs by ten-fold. But the greatest outcome was the faster execution and deployment times we realized."

Jason Cradit,Senior Director of Technology, TRC

Results

The elasticity of Trend Micro Deep Security and AWS has benefited TRC’s bottom line. “When the oil and gas industry tanks, we have to reduce our workforce. In the past, we were hit with a fixed depreciation cost for our infrastructure. Now, if we experience a downturn, we can reduce our capacity to scale down our spend on AWS without impacting our business in any way,” said Cradit.

With Deep Security protecting both its AWS and container environment, TRC has the connected threat defence it needs to safely deliver services to the business. Also, since Cradit and his team were already familiar with the Deep Security solution, there was no learning curve. What’s more, with Deep Security’s ability to support compliance requirements, such as the General Data Protection Regulation (GDPR), TRC has opened the door to new opportunities in the European market. “The move to containers on AWS has reduced our costs by ten-fold,” said Cradit. “The greatest outcome was the faster execution and deployment times we realized.”

"Having a security partner like Trend Micro, that keeps up with modern technologies and advanced threats in real time, gives me confidence that my workloads can be protected at any time, even as architectures shift."

Jason Cradit,Senior Director of Technology, TRC

What's Next

TRC is currently in the process of creating its own software company, using the great work from Cradit and the IT team. As part of their strategy roadmap, they plan to move more applications to Docker containers on AWS protected by Deep Security. “We’re focusing on architecture that will allow TRC to transition from waterfall methodology to a microservices approach, which is fundamental to our go-to-market strategy. Having a security partner like Trend Micro that truly understands the changing dynamics of our industry is essential,” said Cradit.